From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 71B3AEB64DA for ; Thu, 22 Jun 2023 20:10:05 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id CD9818D0002; Thu, 22 Jun 2023 16:10:04 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id C89218D0001; Thu, 22 Jun 2023 16:10:04 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id B51DB8D0002; Thu, 22 Jun 2023 16:10:04 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0012.hostedemail.com [216.40.44.12]) by kanga.kvack.org (Postfix) with ESMTP id A85AB8D0001 for ; Thu, 22 Jun 2023 16:10:04 -0400 (EDT) Received: from smtpin07.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay05.hostedemail.com (Postfix) with ESMTP id 70A7B4010B for ; Thu, 22 Jun 2023 20:10:04 +0000 (UTC) X-FDA: 80931475128.07.8960ADD Received: from mail-pf1-f182.google.com (mail-pf1-f182.google.com [209.85.210.182]) by imf25.hostedemail.com (Postfix) with ESMTP id 6D123A0011 for ; Thu, 22 Jun 2023 20:10:02 +0000 (UTC) Authentication-Results: imf25.hostedemail.com; dkim=pass header.d=chromium.org header.s=google header.b=JdPrcgZ1; spf=pass (imf25.hostedemail.com: domain of keescook@chromium.org designates 209.85.210.182 as permitted sender) smtp.mailfrom=keescook@chromium.org; dmarc=pass (policy=none) header.from=chromium.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1687464602; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=gYBy4agZ+KdBreGb8i62JIVz4X9MAhRX6m8qzaJt3g8=; b=XjG+MfyBsMjnqsQKLD2Wbews04Tj5OnkjyPK22hWlX/X/5kveFKKqp+N8RLWPjzSy8R1rm mLIxDIRPLux+musG5GUzng1RURWg306XvXC+zja7YVSiTHZsHK4c8eh1sOmGXF/Un4OCPR v18C4npqAGKPYAFObUZ89mXdkxpPJWk= ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1687464602; a=rsa-sha256; cv=none; b=tQsjeO9B+Yy4WcQ3ZfSt8BvwXXga8yQg77XIiB4nPQuLCT0E7ddGtIeNBUq++PWG98xlBK wP+C+66vQObhN6RA1eIpjm6iPmbSBsYJaqDwSpr8PDBC6H+RV1G62TLYHwMFrH/dXkGMbz ZhR0dHkU1o8xXbD5uHbhZRX/JKNOcuE= ARC-Authentication-Results: i=1; imf25.hostedemail.com; dkim=pass header.d=chromium.org header.s=google header.b=JdPrcgZ1; spf=pass (imf25.hostedemail.com: domain of keescook@chromium.org designates 209.85.210.182 as permitted sender) smtp.mailfrom=keescook@chromium.org; dmarc=pass (policy=none) header.from=chromium.org Received: by mail-pf1-f182.google.com with SMTP id d2e1a72fcca58-666ecf9a081so5688297b3a.2 for ; Thu, 22 Jun 2023 13:10:02 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; t=1687464601; x=1690056601; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:from:to:cc:subject:date:message-id:reply-to; bh=gYBy4agZ+KdBreGb8i62JIVz4X9MAhRX6m8qzaJt3g8=; b=JdPrcgZ11nmSN5JnRqhTwTXM+Uegw7fEE8Vnd1cnBhMjln2MO7/ucKgZNYmtqB6VuG IHDXlyR3rIOCsosRfk3Fo71wbaJoMLkRVVfiGqans3ywNGb0w8jlRzAQ8Hfr3mJsth62 /va8tsLMaXh8HYfF5kSxCEL4j0rsBtcMjIjNE= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1687464601; x=1690056601; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=gYBy4agZ+KdBreGb8i62JIVz4X9MAhRX6m8qzaJt3g8=; b=accVVl3iYHmi2sBm7L24ZJCqo+hl0ziNsiJVEi8dbDLITl3Bv0EiVuEmJlcu3mhrXa qyo+VuqWqFobFFaO/tnPAcD8t+ZLpyhv5h5BkiLVx+fkXWMbuycruRAyh+BT73OW/a8B hBhSeaZrjp1Y+31E2e0JlJAdJb/kMRl+gu7WSCipC+37rTpHLUUIeZ96cMFGZn4CIE2H 8Y9b0XBCCd0zxPAnn1wECU7rOdiSzjuJj0SHKi89SYw6d8iamIek9bE4W15AKRJ7n0Vq v1XftxOliDw6kBQR0ThlODuCVQAZifSOjZvnoE2x40P+WXy+2uCqRwrz++MwkvezOHio Kd3Q== X-Gm-Message-State: AC+VfDwAO0Evllvr8b66b+ct1k12MsiyA8GQSEn3pNJvR2d8FPtWI1MC rwNJOiy+YlvkIgoEjsKSt5bp3Q== X-Google-Smtp-Source: ACHHUZ4deznPRyCjw65rMtFd2vJ0q9EXRx0bzgQnun51Vs0tYnAUm/sSZkCDNisNN1TouaeAcNNmIQ== X-Received: by 2002:a05:6a00:15ca:b0:66a:4fc7:ad04 with SMTP id o10-20020a056a0015ca00b0066a4fc7ad04mr5348470pfu.14.1687464601182; Thu, 22 Jun 2023 13:10:01 -0700 (PDT) Received: from www.outflux.net (198-0-35-241-static.hfc.comcastbusiness.net. [198.0.35.241]) by smtp.gmail.com with ESMTPSA id s17-20020aa78d51000000b0065440a07294sm5011181pfe.95.2023.06.22.13.10.00 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 22 Jun 2023 13:10:00 -0700 (PDT) Date: Thu, 22 Jun 2023 13:10:00 -0700 From: Kees Cook To: Vlastimil Babka Cc: "GONG, Ruiqi" , Andrew Morton , Joonsoo Kim , David Rientjes , Pekka Enberg , Christoph Lameter , Tejun Heo , Dennis Zhou , Alexander Potapenko , Marco Elver , Jann Horn , Roman Gushchin , Hyeonggon Yoo <42.hyeyoo@gmail.com>, Dmitry Vyukov , Alexander Lobakin , Pedro Falcato , Paul Moore , James Morris , "Serge E . Hallyn" , Wang Weiyang , Xiu Jianfeng , linux-mm@kvack.org, linux-hardening@vger.kernel.org, linux-kernel@vger.kernel.org, gongruiqi1@huawei.com Subject: Re: [PATCH v3 1/1] Randomized slab caches for kmalloc() Message-ID: <202306221307.6CF63BAC20@keescook> References: <20230616111843.3677378-1-gongruiqi@huaweicloud.com> <20230616111843.3677378-2-gongruiqi@huaweicloud.com> <3fdc76f0-6c45-c405-0024-d1d69b5bf068@suse.cz> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <3fdc76f0-6c45-c405-0024-d1d69b5bf068@suse.cz> X-Rspamd-Queue-Id: 6D123A0011 X-Rspam-User: X-Stat-Signature: usm3zh1o87h8udhdue3dzja6qjm1z8c5 X-Rspamd-Server: rspam03 X-HE-Tag: 1687464602-596459 X-HE-Meta: U2FsdGVkX1+sJaSUA23UBvrkJxRvA8u8u1H83qKVEaRoulTzkQT6iLWYeC7dzOf0z5JbZUtPKfxbRgxsGlkfnMDfh/X3eVCFgpn9lO9rlbzWF3pUPVbNfbDS+A3q1XnO6RtgYTWFeMYwx0dJRy7adcud/Pp82SULBlR7s1ot1wEyJv6JEP6j6mxSKyjC2tdmZq8Q0U6gs3wD7L8CdypQ/WwN1JXqb63mgj+EFpFskKZShoMTh7zaUFR4o/mL/9kVDqJqrRc3Mnir/Ex69voUYwJRXZXfMQdkzzupx93K0wf9rTPC5M/nsmehpcCoD9wdZZrRy7SGga1ixW7ptz0oQR2KvaO94CuY59jUeq5PclIKTVZ7Dtbc4Wf19J9FURruM+MsdADw3imMheqX1F1vgj/PRZRwwSwOlIZyi2t7gJH45Ih0FqiiT8tSmavN8d1NxaiF9umncob6os4ZU4rHiLEUOp3ru04yDhJNF0RcJIXEijVManlLr3MZghqysoh6fcGfXkGY7Bnp4c/6eHxL/B5pe1PJUIUhLhhcITM7GEzRbI8H2tGhlKW8J0pkN1eJBnU8IIckCB7z/0pVCM+aIsSOmmb0ZBn9jCT2NdVRKRoklU38vz0bskCM/LIh4xvtbm+ZiZlJOpmR+sfLA6Ub3Pwizh4Z6BIPASjva8YmmIhr19FxVKNODLvsbnOxympTvW+ql3qCLDhQz53AIeeLpjk+sE+7Qdxu6H+PGKv2YWj+xA6CvDn2ZSVGDlO5w40fjKBzI6qCnfBwz1UEYV71p+fZtJvJJ/JE70pXL+V1ksGckTJukXb2XleveRlVECwUF7c5tDmarS3nKOCuLLrJ9FvulGtpZ/laR9f4JcMYj/vNNGZp0Gt5lIyOGLdhX4VvTAsa3vYoqpfeUTi+mCd7oJ9UFn1lWHqLL6wczfZYsdC+bqW/gxrQMBSMMvlk8Ry8rgpBqgF7CFja6NoYhka Tc2htwDh t0L+Ia56d70Rxq3Tpd8DJ13fAwiG7ZALKr4NIVnZMjFUCaQLzeo9EbfDebi7vmfCIOjOUmIP27RX4QEi6uq5XaJ/+XJmAu779GModDgjSSMX166mw7Ia7n745aCboYC4a3HN2gYqn0+dR5HYR2dzXblqfsk4d4i3ex+lXANbKow6RLDx2VlcVbx1dqB4I1t9vhpaemLopyc4vMnuBLNsx+kernWY4QIjAas0E6v4CaXaXYbT9Pt5tK/hoNWqAP01pz9t0cR6xgFXw4oieM8Ip+xTyTZEpZ4QCDD5CQRrrPp68dO8FYT0NJSkMtOS3m/8qxx//MBUk7UQTQGUgvtizAjaTIjvbotul5Y9qvhzZ+ZrwuvIw5DsExv4DG0EJd8ehWbXW/BYiZFWlzylZXDmglS1hgOzQWrjMaqac3BIjAK5w8nNJtLO6uCEaG48aByND2sXRkfLG6wiJJPq3Z0OqTOSw7NBYWKHIo+MM X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: On Thu, Jun 22, 2023 at 03:56:04PM +0200, Vlastimil Babka wrote: > On 6/16/23 13:18, GONG, Ruiqi wrote: > > index a3c95338cd3a..6150e9a946a7 100644 > > --- a/mm/Kconfig > > +++ b/mm/Kconfig > > @@ -337,6 +337,55 @@ config SLUB_CPU_PARTIAL > > which requires the taking of locks that may cause latency spikes. > > Typically one would choose no for a realtime system. > > > > +config RANDOM_KMALLOC_CACHES > > + default n > > + depends on SLUB > > + bool "Random slab caches for normal kmalloc" > > + help > > + A hardening feature that creates multiple copies of slab caches for > > + normal kmalloc allocation and makes kmalloc randomly pick one based > > + on code address, which makes the attackers unable to spray vulnerable > > + memory objects on the heap for exploiting memory vulnerabilities. > > + > > +choice > > + prompt "Number of random slab caches copies" > > + depends on RANDOM_KMALLOC_CACHES > > + default RANDOM_KMALLOC_CACHES_16 > > + help > > + The number of copies of random slab caches. Bigger value makes the > > + potentially vulnerable memory object less likely to collide with > > + objects allocated from other subsystems or modules. > > When I read this, without further knowledge, why would I select anything > else than the largest value? It should mention memory overhead maybe? Yeah, good idea. > Also would anyone really select only "2" and thus limit the collision > probability to 50% and not less? "4" also seems quite low for the given > purpose? Could we just pick and hardcode 8 or 16 and avoid the selection, at > least until there's some more experience with the whole approach? I assume it was for doing performance (speed or space) analysis for people interested in tuning it. The default is 16, which is what most folks will end up with. i.e. I'm not sure I see a benefit to dropping 2 and 4, since I imagine people will either want the highest value (16), or the ability to do a full comparison of each setting. Regardless, I would be fine if we dropped 2 and 4, since I am focused on the maximum number (16) of hash buckets. :) -Kees -- Kees Cook